Prevent orphan glue records from being published

When a domain refreshes, always delete all of its subordinate host records and then add glue records for its in-bailiwick nameservers, if the domain is in a publishable status. When a host refreshes, delete its glue record (if any) and then refresh its superordinate domain. The goal is to prevent A/AAAA records for hosts that are not used as in-bailiwick nameservers from being published in the DNS. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=128354008
2025-05-14 00:17:20 +02:00 · 2016-07-25 07:25:44 -07:00 · 2016-07-25 07:25:44 -07:00 · c3e8ff7b21
commit c3e8ff7b21
parent 05ec2ff421
2 changed files with 11 additions and 8 deletions
--- a/java/google/registry/dns/writer/api/DnsWriter.java
+++ b/java/google/registry/dns/writer/api/DnsWriter.java
@ -39,11 +39,12 @@ public interface DnsWriter extends AutoCloseable {
  void publishDomain(String domainName);

  /**
-   * Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server.
-   * Replaces existing records for the exact name supplied, with an A or AAAA record (as
-   * appropriate) for each address stored in the registry, for the supplied host name. If the host
-   * is deleted then the existing records are deleted. Assumes that this method will only be called
-   * for in-bailiwick hosts. The registry does not have addresses for other hosts.
+   * Loads {@code hostName} from datastore and publishes its A/AAAA glue records to the DNS server,
+   * if it is used as an in-bailiwick nameserver. Orphaned glue records are prohibited. Replaces
+   * existing records for the exact name supplied, with an A or AAAA record (as appropriate) for
+   * each address stored in the registry, for the supplied host name. If the host is deleted then
+   * the existing records are deleted. Assumes that this method will only be called for in-bailiwick
+   * hosts. The registry does not have addresses for other hosts.
   *
   * @param hostName the fully qualified host name, with no trailing dot
   */
--- a/java/google/registry/model/domain/DomainBase.java
+++ b/java/google/registry/model/domain/DomainBase.java
@ -35,6 +35,7 @@ import com.google.common.base.Predicate;
 import com.google.common.collect.FluentIterable;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Ordering;
 import com.googlecode.objectify.Ref;
 import com.googlecode.objectify.annotation.Entity;
 import com.googlecode.objectify.annotation.IgnoreSave;
@ -185,15 +186,16 @@ public abstract class DomainBase extends EppResource {
  }

  /** Loads and returns the fully qualified host names of all linked nameservers. */
-  public ImmutableSet<String> loadNameserverFullyQualifiedHostNames() {
+  public ImmutableSortedSet<String> loadNameserverFullyQualifiedHostNames() {
    return FluentIterable.from(ofy().load().refs(getNameservers()).values())
        .transform(
            new Function<HostResource, String>() {
              @Override
              public String apply(HostResource host) {
                return host.getFullyQualifiedHostName();
-              }})
-        .toSet();
+              }
+            })
+        .toSortedSet(Ordering.natural());
  }

  /** A reference to the registrant who registered this domain. */